• No results found

NASSCOM Cyber Security Task Force Working Group Discussion Slides. June 10, 2015

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "NASSCOM Cyber Security Task Force Working Group Discussion Slides. June 10, 2015"

Copied!
16
0
0

Loading.... (view fulltext now)

Download now ( 16 Page )

Full text

(1)

NASSCOM Cyber Security Task Force

Working Group Discussion Slides

(2)

A NASSCOM®Initiative

NASSCOM Cyber Security Task Force

Industry Development

Policy Development

Technology

Development

Skills

Development

Four Working Groups

Scope / Charter

Recommendations

(3)

Opportunities for Indian Industry

NASSCOM envisages

the Indian IT-BPM industry to achieve a

size of USD

350-400 billion by 2025

; the country

can aspire

to build a

cybersecurity

product and services industry

of

USD 35-40 billion by 2025

Currently, Indian industry revenue from security is

estimated to be

around 1%

(USD 1.5 billion) of overall IT-BPM industry revenue (USD

146 billion); by 2025, India can aspire to

scale it to 10%

Generate a million skilled jobs

in the security space by 2025 to cater to the

rising global demand of security professionals – current global shortfall is

estimated to be around 0.7 million, expected to rise to 1.5 million in 2020

as per (ISC)2 – Frost and Sullivan – Booz Allen Hamilton Report

(4)

A NASSCOM®Initiative

Global Initiatives/ Best Practices in WG Domains

In Israel

o

200 cyber security firms; 78 companies have

raised USD 400 million since 2010

o

cyber related exports are more than 5 percent of

global market

US Department of Homeland Security has nurtured

cyber security start-ups like Kryptowire & Nowsecure

Israel: Cyber security incubator established; Ben

Gurion University has become the hub of Cyber

Security Research and innovation.

US: The federal cybersecurity R&D strategic plan

intends to strengthen and leverage the link

between industry and academia.

UK: National Technical Assistance Center: Research

in encryption & cryptanalysis

Technology Development

Industry Development

Skill Development

Policy Development

Many countries have established processes for

policy implementation, proactive review with clear

activity timelines and accountability mechanisms

Policy push – R&D investment, IP ownership &

product commercialization

Policy enables PPP initiatives - Coordinating

Councils in US, National Cyber Security Hub in UK

In US, protection for organization sharing security

information with govt. through Cyber Intelligence

Sharing and Protection Act (CISPA) – bill debated

In UK

o

Government offers apprenticeships to boost the

number of civil service cyber specialists, cyber

security training in further and higher education

o

Cyber specials’ program to bring volunteer police

officers with specialist skills

Israel Education ministry has set up after-school programs

for cyber security in middle & high school.

In US, National Initiative for Cybersecurity Education

(5)

A NASSCOM®Initiative

Industry Development Group

(6)
(7)
(8)
(9)
(10)

A NASSCOM®Initiative

Technology Development Group

(11)

1. Visibility & Motivation - PM as ‘brand ambassador’for ‘Secure India’ Movement: The research and innovation in the area of Cyber Security requires a major impetus if India is to emerge on the global map. The Honorable Prime Minister be requested to help create a national movement ‘secure India’, and be the ‘brand ambassador’to galvanize the faculty and students at nation’s academic institutions, and young Indian innovator firms in a movement similar to ‘Swachh Bharat’ for cyber security research and development of products. National, State and college level hackathonsto be also held.

2. Creation of Sectoral CERTs+: Each core industrial sector to have a ‘sectoral CERT’ on similar lines as the (RBI’s) Banking CERT. These to act as means for i) cyber security intelligence exchanges for respective sectors, ii) be affiliated with the sectoral Government Regulator and create sectoral compliance regulations, leading to direct creation of demand for sector specific cyber security solutions and create impetus for product innovation by the industry in response to the demand, iii) Enable sector specific PPP partnerships for R&D by academic institutions (COEs, labs, etc.) and innovation of security products by the Industry, by giving visibility to sector specific needs and revenue potential, iv) have a role in validating new technology solutions and setting standards for their sectors,

3. Role of Industry - NASSCOM, DSCI & Other Bodies: i) take the initiative in creation of Sectoral CERTs+. ii) Help in creation of a PPP innovation & incubator fund (see para 6 below), ii) Mapping of existing

Industry capabilities and products, iii) Facilitate academia -industry collaboration for commercial

incubation of R&D outcomes. iv) Work with Sectoral CERTs+ for identification of sector specific requirements and Technological Gap

identification

4. Reduce Procurement Barriers for new Products of Small Firms in Govt Procurement: Govt will be the single largest customer of cyber security products. i) New innovation driven technologies and products by innovator firms must have a means to meet the procurement qualification requirements. For this there is a requirements to create ‘testing certifications and quality standards’. If a young Indian company can successfully meet, these then it would be eligible for R&D grant/subsidy of the testing certification cost, as also its products eligible for govt procurement (often as OEM through SIs). Ii) Procurement plans and roadmaps for the govt requirements must be released for next five years annually, this would make the potential demand and revenue potential visible to the Industry of the ‘largest customer’ and help Industry in taking commercial decisions to invest in ‘product development and R&D

5. Govt to Outsource Paid R&D to Small Innovator Firms and Academic Institutions:The R&D base of the country needs expansion through outsourced paid research for greater access to talent and grass-root innovation capabilities that exist in the private industry

6. Creation of National Cyber Security Innovation Fund: A PPP based fund with participation by the Govt, Sectoral CERTs+, and the financial institutions with the main aim to identify new technologies and products and innovator firms to invest in, mostly at commercial terms. This fund would also act as the incubator for new technologies, in partnership with Sectoral CERTs+ and R&D institutions

(12)

A NASSCOM®Initiative

Skills Development Group

(13)

One million certified skilled cybersecurity professionals by 2025

1.

Develop cybersecurity as a national mainstream cadre

. Mandate through SSC, global best

practices and certifications:

200 universities/colleges to run both dedicated stream and commercial research

200 vocational training providers

5 regional security hubs integrated with industry

2.

Select 100 Cybersecurity “Drone”acharyas and establish 10 COEs

to create a pool of

expert Cybersecurity trainers

3.

Govt. declares cybersecurity as a strategic sector

on par with the space, atomic energy

and defence and make investments for capability and capacity building

4.

Attract the best talent for Cybersecurity

via widespread advocacy, early introduction in

schools and talent search through hackathon and reality shows

5.

Mandate Cybersecurity health index

of essential public services, critical infrastructure and

public companies

6.

Embed Cybersecurity in the academic curriculum

across all levels for creating cyber aware

citizens

(14)

A NASSCOM®Initiative

Policy Development Group

(15)

A NASSCOM®Initiative

Policy Development

Policy advocacy (initiatives/ amendments) required for

CS Industry (Product + Services) Development Ecosystem

1. Capability Development through PPP

Addressing trust issues (PPP)

– Contracted projects to private sector to develop solutions/ technology,

security clearance of individuals; secure sites

Establishing Cyber Military Industrial Complex

Engaging industry (including startups) on contracts

in existing CS initiatives such as NCCC, Botnet Clearing

2. Promoting innovation and startups

Govt. promoting startup ecosystem (funds, incubation, infrastructure, IP-Patent issues etc.)

to be developed;

single window or distributed?

System Integrators (SIs) to include and promote startups in solutioning

eg. internal incubation programs

Procurement (including tendering) & audit processes

of govt. to encourage

startups

– eg. EMD requirements,

market share restrictions, etc.

3. Showcasing Indian industry abroad

– international delegations, conferences, road shows etc.

4. Testing and Assurance mechanisms

– Test Labs, Certifications – harmonized with global standards, domestic +

global market + becoming global delivery hub

5. Enabling Framework

– Cyber Commission; Privacy Law, Info exchange framework, encryption policy, Cyber Security Act

(mandatory disclosures on structure, investments, etc.), LEA capability building, international cooperation etc.;

whistleblowing provisions and policies in government & private sector; e-security index

(16)

References

Download now ( PDF - 16 Page - 0.91 MB )

Related documents

Liste des produits européens autorisés en France au 20 juin

FUND ; LEGG MASON GLOBAL FUNDS PLC - LEGG MASON WESTERN ASSET MACRO OPPORTUNITIES BOND FUND ; LEGG MASON GLOBAL FUNDS PLC - LEGG MASON WESTERN ASSET US MORTGAGE- BACKED SECURITIES

The macroeconomic implication of exchange rate regimes

Under fluctuating exchange rate, the inflation is positively correlated with real GDP per capita (0.16), which was not the case under fixed exchange rates where

The Massachusetts Homeless Post- Secondary Students Network A network to support homeless youth in access to public education

The Massachusetts Appleseed Center and the Office of Urban and Off-Campus Support Services (U-ACCESS) at UMass Boston seek to establish the “Massachusetts Homeless

OpenStack in 程 辉.

Swift Architecture Load Balancer Proxy Server Object Server Container Server Account Server Zone1 Proxy Server Object Server Container Server Account Server Zone2

Steve Prahst, NASA Glenn Research Center

The last point is a key one for knowledge management. A modern corporate language for collaboration can significantly increase the richness of communication and the ability to share

GPS/Cellular Messenger Intelligent GPS Mobile Sensor with Integrated Cellular Transceiver

FleetVision Version 2.0 for Windows with MapInfo support Order: 31600-20 1 x FleetVision Software CD 1 x Training Manual Depending on type of communications network used, need

Risks Factors in Road Accidents and Injuries

When larger vehicles such as trucks or buses are involved, these crashes frequently lead to serious injuries or even fatalities among vulnerable road users, such as

The Accidents Sub-Objective

3.1.4 The accident impact of major road transport interventions should be appraised using the methods set out in the COBA Manual (DfT). These are embodied in the COBA